package com.XinYun.Library.modules.display.dao;

import cn.hutool.core.lang.Assert;
import com.XinYun.Library.utils.SqlUtils.DruidUtil;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;

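/**
 * Static JDBC helpers for the display module.
 *
 * <p>Security note: {@link #select(String, String)} binds the book name through
 * {@code PreparedStatement} placeholders, so that value never becomes part of the SQL text.
 * The {@code sql} argument itself is prepared and executed exactly as given; it must be a
 * statement fixed by the application and never assembled from request data.
 */
public class sqlexecutor {
    /**
     * Coarse sanity check that a statement starts with one of the four CRUD keywords.
     *
     * <p>Only the first whitespace-delimited token is inspected. The rest of the statement is
     * not examined, so this is not a defence against SQL injection; parameter binding is.
     * The method is not invoked anywhere in this class.
     *
     * @param sql the statement text to check
     * @throws SQLException if the first token is not SELECT, UPDATE, INSERT or DELETE
     *     (compared case-insensitively)
     */
    private static void security(String sql) throws SQLException {
        // Hutool's Assert rejects null, empty or whitespace-only input before tokenizing,
        // which also guarantees that Scanner.next() below finds a token.
        Assert.notBlank(sql, "sql语句不能为空！");
        String tag = new Scanner(sql.trim()).next();
        boolean isCrud = tag.equalsIgnoreCase("SELECT")
                || tag.equalsIgnoreCase("UPDATE")
                || tag.equalsIgnoreCase("INSERT")
                || tag.equalsIgnoreCase("DELETE");
        if (!isCrud) {
            throw new SQLException("请不要输入CRUD以外语句");
        }
    }

    /**
     * Runs a two-placeholder query, binding {@code bookname + "%"} to both placeholders.
     *
     * <p>On success the returned {@link ResultSet} keeps its statement and connection open.
     * The caller owns them and must close the result set, its statement and the connection
     * (reachable through {@code resultSet.getStatement().getConnection()}) when finished;
     * otherwise the connection is never handed back to {@code DruidUtil}.
     *
     * <p>{@code %} and {@code _} inside {@code bookname} are not escaped. If the placeholders
     * sit in {@code LIKE} predicates, those characters act as wildcards, so a value such as
     * {@code "%"} matches every row. Escape them (with an {@code ESCAPE} clause in the SQL)
     * when only a literal prefix match is intended.
     *
     * @param sql statement text with exactly two {@code ?} placeholders; application-defined
     * @param bookname prefix to search for; bound as a parameter, never concatenated into SQL
     * @return the open result set of the query
     * @throws SQLException if preparing, binding or executing the statement fails
     */
    public static ResultSet select(String sql, String bookname) throws SQLException {
        Connection connection = DruidUtil.getConnection();
        PreparedStatement preparedStatement = null;
        try {
            preparedStatement = connection.prepareStatement(sql);
            // Bind the search prefix to both placeholders.
            preparedStatement.setString(1, bookname + "%");
            preparedStatement.setString(2, bookname + "%");
            return preparedStatement.executeQuery();
        } catch (SQLException | RuntimeException e) {
            // Nothing is returned on this path, so no caller can release these resources.
            // Close them here so a failed query does not leak a connection.
            closeAfterFailure(preparedStatement, e);
            closeAfterFailure(connection, e);
            throw e;
        }
    }

    /** Closes {@code resource} if non-null, attaching any close failure to {@code primary}. */
    private static void closeAfterFailure(AutoCloseable resource, Throwable primary) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception closeFailure) {
            primary.addSuppressed(closeFailure);
        }
    }
}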
